Posted by & filed under Tech Support.



The following function will:

Connect to the service that it’s trying to change credentials on through WMI
Change the credentials to those provided when calling the function
Stop the service, wait until the service is stopped (while re-enumerating the service to get up to date WMI information)
… and then start the service again.

If you have any issues with the script, feel free to comment below and I will work to add some error handling or additional functionality. Also, WMI can sometimes hang when a server is in a bad state. If this happens please look for a custom WMI function with connection options specified. If someone needs that, again – comment and I will post some sample code.

As always, enjoy!

Function Set-ServiceAcctCreds([string]$strCompName,[string]$strServiceName,[string]$newAcct,[string]$newPass)
{
$filter = 'Name=' + "'" + $strServiceName + "'" + ''
$service = Get-WMIObject -ComputerName $strCompName -namespace "root\cimv2" -class Win32_Service -Filter $filter
$service.Change($null,$null,$null,$null,$null,$null,$newAcct,$newPass)
$service.StopService()
while ($service.Started){
sleep 2
$service = Get-WMIObject -ComputerName $strCompName -namespace "root\cimv2" -class Win32_Service -Filter $filter}
$service.StartService()
}

 

Usage: Set-ServiceAcctCreds -strCompName “Computer1″ -strServiceName “Service” -newAcct “DOM\ServiceUser” -newPass ‘newSecureWord’

10 Responses to “Change Remote Windows Service Credentials and Password in Powershell”

  1. Stuart

    I’m looking for a script that will do this but modified slightly. I tried to modify it, but I really suck at this.

    All I want is a script that can be run remotely on all the computers in our environment that will make a particular service (Advanced Monitoring Agent) run as Administrator.

    I guess I’m not really sure which parts to edit to make it work in my environment. I get errors all over the place no matter what I do.

    It’s not your responsibility, but would you mind helping me out here?

  2. Chris

    There should be no reason to modify this script. Simply paste the code into powershell, and then call the function.

    Set-ServiceAcctCreds(“servername”,”Advanced Monitoring Agent”,”Domain\Administrator”,”Password”)

    Obviously this isn’t exactly right, you’ll need to modify the username and password, and probably pipe the servername in from another command… if you have a CSV full of server names for example, you would type:

    Import-CSV csvwithnames.csv | %{Set-ServiceAcctCreds($_.ServerName,”Advanced Monitoring Agent”,”Domain\Administrator”,”Password”)}

    Also, if you’re doing this as a local admin, you might have to specify that as well, and probably pipe the name in to that section as well.

    Keep in mind, you probably shouldn’t be setting all of the services for something in your environment to run as a domain admin…

  3. Pete

    Hi Chris,

    Thanks for your article! I am trying to reset the service account (a domain user) password on a remote machine. I tried it out, and got the following result – any tips?

    PS Y:\> Function Set-ServiceAcctCreds([string]$strCompName,[string]$strServiceName,[string]$newAcct,[string]$newPass)
    {
    $filter = ‘Name=’ + “‘” + $strServiceName + “‘” + ”
    $service = Get-WMIObject -ComputerName $strCompName -namespace “root\cimv2″ -class Win32_Service -Filter $filter
    $service.Change($null,$null,$null,$null,$null,$null,$newAcct,$newPass)
    $service.StopService()
    while ($service.Started){
    sleep 2
    $service = Get-WMIObject -ComputerName $strCompName -namespace “root\cimv2″ -class Win32_Service -Filter $filter}
    $service.StartService()
    }

    Set-ServiceAcctCreds(“”,””,”\”,””)
    Get-WmiObject : Invalid parameter
    At line:4 char:25
    + $service = Get-WMIObject <<<< -ComputerName $strCompName -namespace "root\cimv2" -class Win32_Service -Filter $filter
    + CategoryInfo : InvalidOperation: (:) [Get-WmiObject], ManagementException
    + FullyQualifiedErrorId : GetWMIManagementException,Microsoft.PowerShell.Commands.GetWmiObjectCommand

    You cannot call a method on a null-valued expression.
    At line:5 char:16
    + $service.Change <<<< ($null,$null,$null,$null,$null,$null,$newAcct,$newPass)
    + CategoryInfo : InvalidOperation: (Change:String) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

    You cannot call a method on a null-valued expression.
    At line:6 char:21
    + $service.StopService <<<< ()
    + CategoryInfo : InvalidOperation: (StopService:String) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

    You cannot call a method on a null-valued expression.
    At line:10 char:22
    + $service.StartService <<<< ()
    + CategoryInfo : InvalidOperation: (StartService:String) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

    Many thanks in advance! :)
    Pete

  4. Josiah

    Hi Chris,

    The same error occurs when the parenthesis and commas are removed.

  5. Chris

    Use it how the usage is specified in the article itself: Set-ServiceAcctCreds -strCompName “Computer1″ -strServiceName “Service” -newAcct “DOM\ServiceUser” -newPass ‘newSecureWord’

    If it gives you trouble, paste the error in again and I’ll look at it.

  6. Jules

    Hi Chris,

    I have been trying many different methods for changing properties of services (namely the user and password), however I always stumble upon this $svc.change($null, $null….) method.
    However whenever I have tried this I get the same error as pete:
    “You cannot call a method on a null-valued expression”.
    Any clues as to why this happens?

    Thanks

  7. Chris

    That’s because the $service object is null. That means that something about the Get-WMIObject cmdlet above didn’t work. Try to run that outside of the script by itself and troubleshoot any issues that come up.

  8. Tom

    I realize this is an old post, but I attempted running this function without success. If I run individual pieces the WMI query does return all the services listed on the machine I specify. However, the service never stops, starts, or changes “Log On As,” it just sits there. I also took out the starting and stopping of the service to see if it would just set the log on as but it does not. Any ideas?

Leave a Reply

  • (will not be published)